Script to auto add MACs to an End system group in NAC

  • Question
  • Updated 3 months ago
  • Answered
Hi Community

Thought I would ask here before I try and reinvent the wheel.

We have deployed a NAC at a corporate client.
Different policies are applied to the clients based on various End system Groups.

The problem the client has is that currently they are manually adding clients to end system groups.
They are looking to automate this process by having something like a central Excel sheet with a list of all the MACs, and having this imported to the NAC end system groups automatically.
New MACs can just be added to the Excel sheet by a non-technical person and then place the user in the correct end system group.

Using the XMS connect module with web service this can be done, but programming is not my strong point :0....

Has anybody out there done something like this that you can share with me?
 

Andre Brits Kannemeyer


Posted 3 months ago


Kurt Semba, Employee

Hi Andre,

The XMC API provides you with the functionality you are looking for. If you want to pull the data from an Excel sheet, I'm assuming you are planning to build a script for the Windows platform!?

My suggestion then would be to either use PowerShell (advantage: nothing else to install on your Windows machine) or something like Python (you will need to install the scripting environment for it).

Pala, Zdenek, Employee

Hi Andre.

Another option is to use the Extreme Connect module called Distributed IPS to fill the end-system table based on syslog.

If you do not like scripting at all:
1. Enable and configure Distributed IPS: under what conditions to fill what end-system table.
2. Connect to the XMC by SSH (or any Linux machine) and you can use the command logger to send a syslog message to XMC.

logger Please add Printer MAC: 00:11:22:33:44:55
will result in the syslog:
<5>Jul 16 19:10:27 XMC(127.0.0.1) root: Please add Printer MAC: 00:11:22:33:44:55

Regarding the IPS module configuration, you can take inspiration from GitHub: https://github.com/extremenetworks/Integrations/blob/master/SonicWall/dips/README.md
and https://github.com/extremenetworks/Integrations/blob/master/Infoblox/dips/README.md

For the example above the regex will be
Please.add.Printer.MAC:.$threatMacAddress

Good luck
(Edited)
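
The logger approach above, extended to a whole spreadsheet export, as an added example that is not code from any of the posters or from Extreme Networks. It assumes a CSV with `mac` and `group` columns, hypothetical group names, and one Distributed IPS rule per group whose regex follows the "Please.add.Printer.MAC:" pattern; every row is validated before anything reaches syslog, because each accepted line grants network access.

```python
import csv, io, re, subprocess

# Assumption: one Distributed IPS rule exists per group listed here, each with a
# regex shaped like the one in the post (Please.add.<Group>.MAC:.$threatMacAddress).
ALLOWED_GROUPS = {"Printer", "Camera"}          # hypothetical group names
MAC_RE = re.compile(r"[0-9A-F]{12}")

def normalize_mac(raw):
    """Return AA:BB:CC:DD:EE:FF, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[:.\-\s]", "", raw).upper()
    if not MAC_RE.fullmatch(digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_messages(csv_text, allowed=ALLOWED_GROUPS):
    """Turn 'mac,group' rows into syslog messages; collect rejected rows."""
    messages, rejected, seen = [], [], set()
    rows = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(rows, start=2):   # line 1 is the header
        mac = normalize_mac(row.get("mac") or "")
        group = (row.get("group") or "").strip()
        # Reject bad MACs, unknown groups, and a MAC listed a second time.
        if mac is None or group not in allowed or mac in seen:
            rejected.append((line_no, row))
            continue
        seen.add(mac)
        messages.append(f"Please add {group} MAC: {mac}")
    return messages, rejected

def send(messages):
    """Pass each message to logger as a single argv element (no shell)."""
    for msg in messages:
        subprocess.run(["logger", "--", msg], check=True)

# Constructed sample export, not real data.
SAMPLE = """mac,group
00:11:22:33:44:55,Printer
00-11-22-33-44-66,Camera
0011.2233.4477,Printer
00:11:22:33:44:55,Camera
00:11:22:33:44,Printer
00:11:22:33:44:88,Printer; reboot
"""

if __name__ == "__main__":
    msgs, bad = build_messages(SAMPLE)
    print("\n".join(msgs))      # dry run; call send(msgs) on the logging host
    for line_no, row in bad:
        print(f"rejected line {line_no}: {row}")
```

Rejected rows are returned rather than dropped silently so that someone can review why a spreadsheet entry did not reach an end-system group.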

SH

Hello Andre,

If you are not familiar with programming, there is a third, quite easy way to add your end systems.
You can use the NAC Request Tool (available for Linux and Windows). With the NAC Request Tool you can add end systems in the CSV format.

You will find the tool in the download section for XMC and a PDF manual in documentation section.
You will find a lot of examples, too.

Best regards
Stephan